“Criminals are getting more creative and hyper-focused on how they go about obtaining access to the things they need to conduct their crimes,” said
Steve Ragan, the report’s principal author and Akamai security researcher. “Criminals targeting the financial services industry pay close attention to the defenses used by these organizations
, and adjust their attack patterns accordingly.”
Is there an answer to the onslaught of cyber attacks faced by financial services firms?
Additionally, August 2019 saw the largest credential attack against a financial service provider in Akamai’s history, which consisted of over 55 million login attempts, although this was not completely directed at APIs.
The same culprits of that incident caused another later that same month, this time targeting APIs directly and produced over 19 million attacks.
The most frequent type of attack on financial services, according to the report, was Local File Inclusion (LFI), which targets scripts running on servers to force the leak of sensitive information; this accounted for 47% of observed traffic.
SQL injection (SQLi) also made up a prominent proportion of attacks on financial services (36%).
The sector also faced a noteworthy amount of Distributed Denial of Service (DDoS) attacks; it ranked third in attack volume compared to other industries, coming in behind gaming and high-tech, but a leading proportion of 40% of unique DDoS targets were in financial services.
DDoS attacks: why size isn’t everything
“Security teams need to constantly consider policies, procedures, workflows, and business needs – all while fighting off attackers that are often well organised and well-funded,” Ragan continued. “Our data shows that financial services organisations are constantly improving by adopting fluid security postures, forcing criminals to change their tactics.”